-
gnupg (1.4.11-3ubuntu4.4) quantal-security; urgency=low
  * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
    Cryptanalysis attack
    - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
      operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
      MPIs used as input to secret key functions in cipher/dsa.c,
      cipher/elgamal.c, cipher/rsa.c.
    - CVE-2013-4576
-- Marc Deslauriers <email address hidden> Wed, 18 Dec 2013 11:15:37 -0500
-
gnupg (1.4.11-3ubuntu4.3) quantal-security; urgency=low
  * SECURITY UPDATE: incorrect no-usage-permitted flag handling
    - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
      in g10/getkey.c, g10/keygen.c, include/cipher.h.
    - CVE-2013-4351
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
      and nested packets in util/iobuf.c, g10/mainproc.c.
    - CVE-2013-4402
-- Marc Deslauriers <email address hidden> Tue, 08 Oct 2013 07:46:59 -0400
-
gnupg (1.4.11-3ubuntu4.2) quantal-security; urgency=low
  * SECURITY UPDATE: The path of execution in an exponentiation function may
    depend upon secret key data, allowing a local attacker to determine the
    contents of the secret key through a side-channel attack.
    - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
      exponents in secure memory. Based on upstream patch.
    - CVE-2013-4242
-- Seth Arnold <email address hidden> Tue, 30 Jul 2013 15:22:19 -0700
-
gnupg (1.4.11-3ubuntu4.1) quantal-security; urgency=low
  * SECURITY UPDATE: keyring corruption via malformed key import
    - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
    - CVE-2012-6085
-- Marc Deslauriers <email address hidden> Tue, 08 Jan 2013 10:46:11 -0500
-
gnupg (1.4.11-3ubuntu4) quantal; urgency=low
  * Update config.guess,sub for aarch64
-- Wookey <email address hidden> Mon, 01 Oct 2012 12:56:41 +0100
-
gnupg (1.4.11-3ubuntu3) quantal-proposed; urgency=low
  * debian/patches/long-keyids.dpatch: Use the longest key ID available
    when requesting a key from a key server.
-- Marc Deslauriers <email address hidden> Tue, 24 Jul 2012 10:28:39 -0400
-
gnupg (1.4.11-3ubuntu2) precise; urgency=low
  * Mark gnupg, gnupg-curl, and gpgv Multi-Arch: foreign.
-- Colin Watson <email address hidden> Mon, 21 Nov 2011 13:42:07 +0000